DEV Community

Intesar Mohammed

Running Basic Security Tests Against Twitter API

I tweet once in a while about product/organization updates. I've built a couple of Twitter integrations in the past.

As part of security research, I look for vulnerabilities in public APIs and in the backend APIs behind mobile and web apps. I often use a free API security testing tool (APIsec's pentest tool, linked below) to run a basic set of tests. The tests are read-only and low-volume: they look for OAuth 2.0, JWT and other authentication flaws by observing how endpoints respond, without modifying data. They are still ordinary HTTP requests, so they do appear in the provider's access logs; Twitter and similar organizations do not object to testing at this level.
https://apisec-inc.github.io/pentest/

I used this Twitter API OpenAPI Specification file URL for testing:
https://api.twitter.com/labs/2/openapi.json

Here is the simple process I followed. I pointed the tool at the Twitter OpenAPI spec file and ran the basic tests to see what came back.
The result flagged one endpoint as reachable without authentication. On closer inspection, that endpoint was the one serving the API schema (the OpenAPI specification itself), which is public by design, so it was not a real finding.
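The core of that procedure is mechanical: read the spec, enumerate every operation, send each one once with no credentials, and compare the result with what the spec says about authentication. The Python below is an added example of that check, not the APIsec tool or anything from Twitter. SAMPLE_SPEC is a constructed OpenAPI 3 document that only imitates the shape of a real spec (the hostname and paths are assumptions), and fake_send is a constructed stand-in for the network in which only the spec document itself is public, mirroring the post's finding. The urllib_send transport is included for use against a real spec with real permission.

```python
"""Spec-driven unauthenticated-access check.

Added example, not the tool or spec from the post. SAMPLE_SPEC is a
constructed OpenAPI 3 document; hostname and paths are assumptions.
"""
import json
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterator, List, Tuple

SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.0",
  "servers": [{"url": "https://api.example.test/labs/2"}],
  "components": {"securitySchemes": {"BearerToken": {"type": "http", "scheme": "bearer"}}},
  "security": [{"BearerToken": []}],
  "paths": {
    "/openapi.json": {"get": {"security": [], "responses": {"200": {"description": "the spec"}}}},
    "/tweets": {"get": {"responses": {"200": {"description": "ok"}}}},
    "/users/{id}": {"get": {"security": [{"BearerToken": []}],
                            "responses": {"200": {"description": "ok"}}}}
  }
}
""")

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options", "trace"}
Sender = Callable[[str, str], int]  # (method, url) -> HTTP status code


def list_operations(spec: dict) -> Iterator[Tuple[str, str, list]]:
    """Yield (METHOD, path, effective security requirement) per operation.

    Operation-level `security` overrides the document-level default, and an
    explicit empty list means the operation declares itself public."""
    default = spec.get("security", [])
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() in HTTP_METHODS:
                yield method.upper(), path, op.get("security", default)


def declared_public(spec: dict) -> List[Tuple[str, str]]:
    """Operations the spec itself says need no credentials."""
    return [(m, p) for m, p, sec in list_operations(spec) if not sec]


def probe_unauthenticated(spec: dict, send: Sender) -> List[Dict]:
    """Send every operation once with NO credentials and report 2xx answers.

    A finding with declared_public False means the spec requires auth but the
    server answered anyway; that is the case worth investigating. Path
    parameters such as {id} are filled with a placeholder value (assumption)
    so the request is well-formed."""
    base = spec["servers"][0]["url"].rstrip("/")
    findings = []
    for method, path, sec in list_operations(spec):
        url = base + re.sub(r"\{[^}]+\}", "1", path)
        status = send(method, url)
        if 200 <= status < 300:
            findings.append({"method": method, "path": path, "status": status,
                             "declared_public": not sec})
    return findings


def needs_review(findings: List[Dict]) -> List[Dict]:
    """Keep only 2xx responses on operations the spec says require auth."""
    return [f for f in findings if not f["declared_public"]]


def urllib_send(method: str, url: str) -> int:
    """Real transport (standard library only), deliberately sent without an
    Authorization header. Error statuses are returned, not raised."""
    req = urllib.request.Request(url, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def fake_send(method: str, url: str) -> int:
    """Constructed stand-in for the network: only the spec document is public."""
    return 200 if url.endswith("/openapi.json") else 401


if __name__ == "__main__":
    found = probe_unauthenticated(SAMPLE_SPEC, fake_send)
    for f in found:
        tag = "expected (declared public)" if f["declared_public"] else "REVIEW"
        print(f"{f['method']} {f['path']} -> {f['status']}  {tag}")
    print("operations needing review:", len(needs_review(found)))
```

The triage step is the part the tool's one-line result hides: a 2xx on an operation whose effective security requirement is empty (the spec document here) is expected, while a 2xx on an operation that inherits the document-level bearer-token requirement is the finding to chase. Run against a real host only with that host's permission, since every probe is logged.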

[Screenshot: the tool's security report, vulnerabilities list]

Conclusion: the basic tests found no authentication issues in the Twitter API endpoints listed in the spec; the only endpoint reachable without credentials was the spec document itself, which is public by design.
